Cisco Cisco Web Security Appliance S660 Notas de publicación
3
Release Notes for Cisco IronPort AsyncOS 7.7.0 for Web
7.7.0
Upgrade Paths
Upgrade Paths
You can upgrade to release 7.7.0-608 from the following version:
•
coeus-7-5-0-703
•
coeus-7-5-0-727
•
coeus-7-5-0-810
•
coeus-7-5-0-833
•
coeus-7-5-0-834
•
coeus-7-5-0-836
•
coeus-7-5-0-838
•
coeus-7-5-1-074
•
coeus-7-5-1-079
•
coeus-7-5-1-201
•
coeus-7-5-2-113
Certificate Trust
Store
Management
Store
Management
Greater management control of certificates and certificate authorities. View all of
the Cisco-bundled certificates, remove trust of any Cisco-trusted root certificate
authorities, and view the Cisco-published blacklist. This will provide more
flexibility in making your own decisions with regards to acceptable and
unacceptable certificates used by the WSA.
the Cisco-bundled certificates, remove trust of any Cisco-trusted root certificate
authorities, and view the Cisco-published blacklist. This will provide more
flexibility in making your own decisions with regards to acceptable and
unacceptable certificates used by the WSA.
Within the Web UI, import your own trusted certificates and add them to the trusted
root certificate list. View current Cisco-trusted root certificates and select an option
to override each individual certificate, removing trust by the WSA for that
certificate. View Cisco’s intermediate certificate blacklist. Due to real-life
incidents where certain intermediate CA's were compromised, the WSA was given
a hard-coded list of blacklisted intermediate certificates that was previously
transparent to administrators. This now becomes a viewable list. See Adding
Certificates to the Trusted List and Removing Certificates from the Trusted List in
the user guide or online help.
root certificate list. View current Cisco-trusted root certificates and select an option
to override each individual certificate, removing trust by the WSA for that
certificate. View Cisco’s intermediate certificate blacklist. Due to real-life
incidents where certain intermediate CA's were compromised, the WSA was given
a hard-coded list of blacklisted intermediate certificates that was previously
transparent to administrators. This now becomes a viewable list. See Adding
Certificates to the Trusted List and Removing Certificates from the Trusted List in
the user guide or online help.
Encrypted
Private Keys
Private Keys
Use encrypted, password-protected private keys. Upload encrypted private keys
and provide a password for the WSA to decrypt them. The WSA then stores these
private keys by obfuscating/encrypting them with a password that is unknown to the
user. When configurations are exported to a file, private keys remain obfuscated and
unreadable to the user. The WSA can decrypt them when the configuration is
loaded onto a WSA. See Uploading a Root Certificate and Key in the user guide or
online help.
and provide a password for the WSA to decrypt them. The WSA then stores these
private keys by obfuscating/encrypting them with a password that is unknown to the
user. When configurations are exported to a file, private keys remain obfuscated and
unreadable to the user. The WSA can decrypt them when the configuration is
loaded onto a WSA. See Uploading a Root Certificate and Key in the user guide or
online help.
Enhancements
SNI extension for
Transparent SSL
Handshake
Transparent SSL
Handshake
Access the Server Name Indication (SNI) extension to parse the destination server
name. This is useful when making requests to virtual servers hosting multiple
HTTPS websites such as youtube.com and google.com.
name. This is useful when making requests to virtual servers hosting multiple
HTTPS websites such as youtube.com and google.com.
[Defect Number: 74969, CSCzv50011]
Table 1-1
New Features for AsyncOS 7.7 for Web (continued)
Feature
Description